Bastion

The box was great! But trying to understand why some tools didn't work for me and had to install 3d software on W*********.
Could somebody DM me to maybe discuss why ************.rb doesn't work in my case?

DM me for hints if you're stuck, guys :smile:

PWNED!

User was harder than root for me but I confirm it’s possible (and maybe easier) to own both user and root from Kali.
I was scaring myself when the root.txt hash didn’t work!! I had to restart the box because root.txt was modified (accidentally?!) by someone; after restarting I noticed that there was one more character at the end of the hash.

user hint: smb share enumeration + mount techniques + basic Windows password management
root hint: enumeration + google :slight_smile:

DM me for help if you want!

@L4mpje thank you for this awesome box!

Finally, I was able to get the root, it was a great box, learned a lot from it. @L4mpje thank you for a great box.

DM me if you need some help!

I’m not sure what was said in the forum, but don’t waste your time working on the admin password like I did. I was building my own tool (which is fine), but there’s already help online that’ll enable you to complete this box.

Just in case anyone is stuck:

USER - requires solid enumeration to figure what’s available to connect to. Once connected, look around/more enumeration (Google any files that you’re unfamiliar with), use a well documented technique found online to be able to see more of the filesystem. From there, think about how you would like to obtain user creds.

Root - more enumeration of the filesystem with the USER access that you have. Again, google anything that you don’t understand/find interesting. I found what I needed very quickly and set up a meterpreter reverse shell (NOT NECESSARY), but I spent hours building a tool with guidance I found online when I could have just used something already available to root the box.

Overall, this was a very fun machine. I really enjoyed the techniques.

Rooted. Nice. I did it in Linux and Windows for the practice. Thanks for the script and the help with the script options @0xNoOne.
Thanks for the box @L4mpje

Feel free to PM.

Rooted, all in Linux… very nice box, don't get many Windows boxes so it’s good to play with one

Rooted without using any Windows machine, all in Kali :slight_smile:
PM me if you need help.
Arrexel

Still not owned but as a newbie this article helped me a lot:

Please, let me know if it is considered as a spoiler and I (admin?) will remove it.

Had a lot of fun with this today, completed all with Kali, learning loads on the way!

@M4t35Z said:

User: enumeration, Who is the uncle of USA?
Root: more enumeration just for 1 thing

Feel free to PM me if u stuck. (:

Ahaha… nice one about User. I’ve got the file but I’m struggling with J***, h*****t, etc…

Please help with rooting. I have the file. Don’t know how to crack it. Why do I need Windows for that if the scripts are Python or Ruby?

@kalagan76 said:

Ahaha…nice one about User. I’ve got the file but i’m struggling with J***, h*****t, etc…
Yeah I am encountering the same problem. Has anyone got any tips on how to deal with this?

Edit: I did it! Thanks to @kalagan76 for helping me with john the ripper for the user.

Just found user password. The command with j*** is actually pretty simple.

Rooted! My first Windows machine and the first one I did without help (except the forum). I really like it, that was a great machine. I don’t get why a lot of people needed a Windows VM. I did everything under Kali and nothing was really difficult. I’m a newbie but you can PM me if you need help.

test

Got root using only Kali. Except maybe the mount, I think nothing would have been harder than with a Windows VM. Thanks @Kucharskov for user and @bing0o for the exploit for root. One hint regarding this one: it needs to be up to date.

Stuck on this box. Located and can connect to 2 shares remotely but not sure how to progress. Hints would be appreciated in DM. Thanks.

Rooted. Learned a lot, especially getting the regular user. Root barely took any time on Linux, no Windows. You can find a python script that helps with the final step if you search for github on “appname_decrypt.py”.

Rooted, but only because this forum gave me the hint which program to check out for the PrivEsc. How would you even figure something like that out on your own? Do you just look at all the programs that are installed and then google around to see if they’re vulnerable? Or are there automated processes to find these things?

Also, @0xNoOne is an absolute saint for writing that script.

Hi guys, I could get the user.txt.
But I couldn’t crack the S*M file with john. I was only able to do it online via hashkiller. If someone can crack it via John, please send me a PM. I really wonder what my mistake is.

Thanks